From 2b54fe97ffa29f1559435e2c76ce09291a96396d Mon Sep 17 00:00:00 2001
From: Paul Eggert
Date: Sat, 24 May 2025 13:01:31 -0700
Subject: [PATCH] =?utf8?q?stdbuf:=20don=E2=80=99t=20allocate=20more=20than?= =?utf8?q?=20SIZE=5FMAX=20/=202?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

* src/libstdbuf.c (apply_mode): Be more conservative about sizes passed to malloc, since we can’t rely on Gnulib malloc.
---
 src/libstdbuf.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/libstdbuf.c b/src/libstdbuf.c
index 2b4dbe1f2d..51665bd5a0 100644
--- a/src/libstdbuf.c
+++ b/src/libstdbuf.c
@@ -94,8 +94,11 @@ apply_mode (FILE *stream, char const *stream_name, char const *envvar)
 return;
 }

- buf = (size <= ((unsigned long int) -2 < (size_t) -1
- ? (unsigned long int) -2 : (size_t) -1)
+ /* If strtoul might have overflowed or if the size is more than
+ half of size_t range, treat it as an allocation failure.
+ Huge sizes can cause problems with some stdio implementations. */
+ buf = (size <= ((unsigned long int) -2 < (size_t) -1 / 2
+ ? (unsigned long int) -2 : (size_t) -1 / 2)
 ? malloc (size) : nullptr);
 if (!buf)
 {
-- 
2.47.3
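Review bot: The new bound in the `buf = ...` assignment relies on `(size_t) -1 / 2` parsing as `((size_t) -1) / 2`, which is correct but easy to misread as a cast of `-1 / 2`, and the limit is spelled out twice inside the conditional. This is the only guard visible in the hunk on the size before it reaches `malloc`, and the new comment says the value comes from `strtoul`, so naming the limit once would make the check easier to audit: `size_t const max_size = ((size_t) -1) / 2;` followed by `buf = (size < (unsigned long int) -1 && size <= max_size ? malloc (size) : nullptr);`. That form accepts the same values while keeping the `strtoul` overflow sentinel and the half-range cap as two separate conditions. `apply_mode` starts and ends outside the hunk, so the declared type of `size` and what the `if (!buf)` branch reports for an out-of-range request cannot be confirmed from here.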